
Alarm Bells Ring in Germany Over Chinese Tech Advancements

 


Over the next five years, Germany will phase out components made by the Chinese companies Huawei and ZTE from its 5G wireless network, a move that will likely worsen its already strained ties with the second-largest economy in the world. According to the German Interior Ministry (BMI), by the end of 2026, components made by Chinese technology companies such as Huawei and ZTE will no longer be allowed in the construction of the country's next-generation 5G mobile networks built by German industry.

To comply with this decision, the BMI determined that all existing components must be replaced by 2029. The German government regards 5G networks as critical infrastructure and maintains that they will play a key role in the energy, transportation, health care, and finance sectors in the coming years. In a statement issued to CNN, Huawei said that there is no evidence or scenario that explicitly illustrates that its technology poses any security risks.

A statement from the Chinese embassy in Germany said it was committed to taking whatever "necessary measures" were required to protect the interests of Chinese companies in Germany. The ban reflects the growing suspicion with which Chinese technology companies are viewed as their investments proliferate, owing to their allegedly too-close ties to the government in Beijing.

In particular, Beijing's desire to turn Huawei and ZTE into world leaders at the hub of the global high-tech sector has made Western governments wary of giving them too much influence over their national infrastructure. In the meantime, another collaboration between several German and Chinese companies has created a stir in the industry. Luxcara, an independent asset manager based in Hamburg, Germany, has signed a contract with a Chinese company, Ming Yang, to construct wind turbines for a project off the coast of Germany.

Ming Yang said in a statement on July 2 that its decision was based upon an extensive due diligence exercise that covered all aspects of the supply chain, environmental, social and governance compliance aligned with the EU taxonomy, as well as cybersecurity. It drew on independent expertise provided by reputed international advisors. The German government also considers energy supply critical infrastructure and aims to generate 80% of the country's electricity from renewable sources by 2035, which means using less fossil fuel in the process.

There is no doubt that wind power will play a significant role in the future mix of electric power sources in the world. As per official German data, during the first three months of this year, 38.5% of all electricity produced in Germany was generated by wind power, as well as 16.3% from solar energy. Among all the renewable sources of energy, wind power has seen the most significant growth. According to Lars Haugwitz, senior consultant at Luxcara, it was important to Luxcara to select the most powerful turbines for the project to be a success.

DW reported that only Ming Yang could deliver the unit on time with an 18.5-megawatt capacity by the end of 2028. He added that the decision was based on a thorough review of all the bids that DW had received throughout the international tender. In Europe, Vestas, a Danish offshore wind company, and Siemens Gamesa, a German-Spanish company, have held the majority of offshore wind power installations to date. The Chinese companies are now also considered by another German wind farm operator as a possible supplier for his project. 

The German business daily Handelsblatt reports that RWE, the world's biggest energy company, is among those looking for alternatives, noting that there are limited wind turbine supplies in Europe, along with high demand. The German-based utility company recently issued a statement asserting that it currently has no Chinese suppliers within its wind energy portfolio and intends to maintain its collaboration with established European suppliers.

However, a company spokesperson informed Deutsche Welle (DW) that the offshore wind industry must evaluate the offerings of Asian suppliers to determine if they meet the necessary standards in technology, quality, safety, and cost-effectiveness. According to Michael Tenten, managing director of Pure ISM—a company specializing in data security within the renewable energy sector—there are multiple reasons for the technological advancements of Asian companies, primarily economic. Tenten explained to DW that the swift availability of equipment is a significant factor. 

However, research conducted by the Kiel Institute for the World Economy (IfW) in Germany revealed that in 2022, over 99% of listed Chinese companies benefited from direct state subsidies. These companies also enjoyed privileged access to critical raw materials, enforced technology transfers in joint ventures, and support in public procurement processes. An example highlighted is China's car manufacturer BYD, which has emerged as the world's leading electric vehicle producer, largely due to substantial subsidies. Dirk Dohse, research director at IfW, recently told Handelsblatt that BYD has also received subsidies for battery production and component manufacturing. 

Dohse noted that while European industries often struggle to compete with Chinese pricing, without China's subsidized technology, the products essential for Germany's green transformation would be more expensive and less available. Michael Tenten of Pure ISM added that another source of mistrust towards Chinese suppliers is data security concerns. He pointed out that manufacturers typically operate their own control centres to monitor the wind farms they construct, and unless these centres are located in Germany, there remains a risk of foreign influence on operations. Lars Haugwitz of Luxcara considers this risk to be more theoretical, as there will be "no direct data link" between the German offshore wind park and the Chinese turbine manufacturer. 

Haugwitz assured that the control, operation, and maintenance of the turbines would be entirely managed within Germany. China's Ministry of Foreign Affairs issued a statement asserting that Germany’s actions severely damaged mutual trust and could affect future cooperation between China and Europe in related fields. This decision could further strain Germany’s relationship with China, its largest trading partner. Recently, Berlin blocked the sale of a Volkswagen subsidiary to a Chinese state-owned company on national security grounds, eliciting a strong response from Beijing. 

Concurrently, China is engaged in a trade dispute with the European Union, which recently increased tariffs on Chinese electric vehicles. A spokesperson for China’s Ministry of Foreign Affairs commented on Thursday that politicizing economic, trade, and technological issues would only disrupt normal technological exchanges. Germany has been deliberating for years on how to handle Huawei components in its 5G network, following the lead of the United States, the United Kingdom, Australia, and Japan, which have effectively banned the company from their 5G infrastructure due to concerns that Beijing could use Chinese tech companies to conduct espionage.

Polish State Media Targeted in Alleged Russian-Backed Cyberattack

 

In a concerning development on May 31, the Polish Press Agency (PAP), a state-run media outlet, was targeted in a cyberattack that authorities have attributed to Russian-backed operatives. This incident adds to a growing list of cyber aggression linked to Russian intelligence services, which have previously been accused of targeting Ukraine and various Western nations. 

The European Union (EU) and NATO recently condemned Russia's "malicious cyber campaign" against Germany and Czechia earlier in May, highlighting the persistent threat posed by such activities. On the morning of the attack, PAP's website displayed false messages claiming that Polish Prime Minister Donald Tusk had ordered a "partial mobilization" to begin on July 1. The swift identification of this disinformation was crucial. Deputy Prime Minister Krzysztof Gawkowski promptly declared the message as "false" and confirmed that an investigation was underway. 

He noted, "Everything points to a cyberattack and planned disinformation!" This immediate response was vital in preventing the spread of the false information. Jacek Dobrzynski, spokesperson for the Polish security service, also indicated that the attack was a "probable Russian cyberattack." Gawkowski elaborated on the intent behind the cyber operation, suggesting that it aimed to spread "disinformation before the upcoming EU parliamentary elections" and to "paralyze society." 

The false message was detected within two minutes, and Gawkowski commended the media for accurately labeling it as disinformation, thus preventing further dissemination. Gawkowski's remarks reflect a broader sentiment of heightened vigilance in Poland and across the EU regarding cyber threats. He emphasized that Poland is in a "cold war" with Russia, a stance that underscores the pervasive impact of Russian cyber activities on EU countries. 

This sentiment has been echoed by other European leaders who have called for stronger cyber defenses and increased international cooperation to counter such threats. The incident underscores the ongoing cyber conflict between Russia and Western nations, highlighting the need for robust cybersecurity measures. The EU and NATO's condemnation of Russia's cyber activities against Germany and Czechia earlier in May further illustrates the widespread nature of these threats. Poland's response to the cyberattack on PAP demonstrates the importance of rapid identification and response to disinformation campaigns. 

Gawkowski assured that Prime Minister Tusk was informed of the incident immediately, showcasing the high level of alertness among Polish authorities. As cyber threats continue to evolve, the international community must remain vigilant and proactive in defending against such attacks. This incident serves as a reminder of the critical importance of cybersecurity in safeguarding national security and public trust.

EU Data Centers to Report Energy and Water Use Under New Rules

 

The European Union is poised to take a significant step toward regulating energy and water use in data centers. Beginning in September, all organizations operating data centers within EU nations will be required to file detailed reports on their water and energy consumption. Additionally, these organizations must outline the measures they are taking to reduce their environmental footprint. 

Data centers have been specifically targeted because they account for an estimated 2% to 3% of the total energy consumption in the EU. The increasing demand for data processing power, driven largely by the rise of AI technologies, is a major factor behind this significant energy use. Ermengarde Jabir, a senior economist at Moody’s, highlights the immense power requirements of data center hubs within the EU. 

For instance, data centers in Amsterdam demand approximately 950 megawatts of energy capacity, while those in Dublin require over 700 megawatts. Similarly, data centers in Paris and Frankfurt have comparable energy needs to Dublin. To put this in perspective, 1 megawatt of power is sufficient to power between 750 to 1,000 homes for an entire year. Notably, the world’s largest data center hub, located in northern Virginia, has a staggering capacity of 4,500 megawatts. 

The EU's new reporting rules, along with any subsequent regulations aimed at reducing energy consumption, currently apply only to data centers within EU member states. However, EU environmental regulations often serve as a model for other regions, with the notable exception of North America, according to Cándido García Molyneux, an environmental lawyer based in Brussels with the law firm Covington & Burling. “When the EU adopts these reporting requirements, it is very likely that many other countries will follow suit,” Molyneux explains. He also notes that nations aspiring to join the EU or engage in trade with the EU may need to comply with these energy regulations. 

Moreover, the EU has already implemented government procurement regulations focused on energy efficiency. Companies providing cloud or web-based services to EU residents and businesses from data centers outside the EU might also face future energy use regulations. The EU’s drive to reduce energy consumption is motivated by several factors, including the desire to phase out fossil fuels and decrease dependence on foreign energy sources, according to Moody’s Jabir. 

Although efforts to reduce energy consumption began before the conflict in Ukraine, the war has intensified the EU's resolve to cut imports of Russian oil, gas, and coal. The introduction of energy and water use reporting rules marks an early step toward broader regulation. While some energy experts believe most data center operators are prepared to comply, Molyneux anticipates challenges for certain operators. Smaller data center operators might not be aware of the new rules, and others could struggle to gather the required information in time. 

In summary, the EU’s new reporting requirements for data centers represent a crucial move toward greater transparency and accountability in energy and water use. By enforcing these regulations, the EU aims to achieve substantial reductions in energy consumption, contributing to broader environmental and sustainability goals.

Nude Deepfakes: What is EU Doing to Prevent Women from Cyber Harassment


The disturbing rise of sexual deepfakes

Deepfakes are a worry in digital development in this age of rapid technical advancement. This article delves deeply into the workings of deepfake technology, exposing both its potential dangers and its constantly changing capabilities.

The manipulation of images and videos to make sexually oriented content may be considered a criminal offense across all the European Union nations. 

The first directive on violence against women will move through its final approval stage by April 2024.

With the help of AI programs, these images are being modified to undress women without their consent. 

What changes will the new directive bring? And what will happen if women who live in the European Union are the target of manipulation but the attacks happen in countries outside the European Union?

The victims: Women

If you are wondering how easy it is to create sexual deepfakes, some websites are just a click away and provide free-of-cost services.

According to the 2023 State of Deepfakes research, it takes around 25 minutes to create a sexual deepfake, and it's free. You just need a photo and the face has to be visible. 

A sample of 95000 deepfake videos was analyzed between 2019 and 2023, and the research discloses that there has been a disturbing 550% increase.

AI and deepfakes expert Henry Ajder says the people who use these stripping tools want to humiliate, defame, and traumatize, and in some incidents are seeking sexual pleasure.

“And it's important to state that these synthetic stripping tools do not work on men. They are explicitly designed to target women. So it's a good example of a technology that is explicitly malicious. There's nothing neutral about that,” says Henry.

The makers of nude deepfakes search for their target's pictures "anywhere and everywhere" on the web. The pictures can be taken from your Instagram account, Facebook account, or even your WhatsApp display picture. 

Prevention: What to do?

When female victims come across nude deepfakes of themselves, there's a societal need to protect them. 

But the solution lies not in the prevention, but in taking immediate actions to remove them. 

Amanda Manyame, Digital Law and Rights Advisor at Equality Now, says “I'm seeing that trend, but it's like a natural trend any time something digital happens, where people say don't put images of you online, but if you want to push the idea further is like, don't go out on the street because you can have an accident.” The expert further says, “unfortunately, cybersecurity can't help you much here because it's all a question of dismantling the dissemination network and removing that content altogether.”

Today, the victims of nude deepfakes turn to various laws like the General Data Protection Regulation, the European Union's privacy law, and national defamation laws to seek justice and prevention.

To the victims who suffer such an offense, it is advisable to take screenshots or video recordings of the deepfake content and use them as proof while reporting it to the police and social media platforms where the incident has happened. 

“There is also a platform called StopNCII, or Stop Non-Consensual Abuse of Private Images, where you can report an image of yourself and then the website creates what is called a 'hash' of the content. And then, AI is then used to automatically have the content taken down across multiple platforms,” says the Digital Law and Rights Advisor at Equality Now.

Global Impact

The new directive aims to combat sexual violence against women; all 27 member states will follow the same set of laws to criminalize all forms of cyber-violence like sexually motivated "deepfakes."

Amanda Manyame says “The problem is that you might have a victim who is in Brussels. You've got the perpetrator who is in California, in the US, and you've got the server, which is holding the content in maybe, let's say, Ireland. So, it becomes a global problem because you are dealing with different countries.”

Addressing this concern, the MEP and co-author of the latest directive explains that “what needs to be done in parallel with the directive" is to increase cooperation with other countries, "because that's the only way we can also combat crime that does not see any boundaries."

"Unfortunately, AI technology is developing very fast, which means that our legislation must also keep up. So we need to revise the directive in this soon. It is an important step for the current state, but we will need to keep up with the development of AI,” Evin Incir further admits.

EU Takes a Leap Forward with Cybersecurity Certification Scheme

EUCC

What is the EU cybersecurity certification scheme?

The EUCC, or EU cybersecurity certification scheme, has an implementing rule that was adopted by the European Commission. The result is consistent with the cybersecurity certification methodology under consideration on EUCC, which was created by ENISA in response to a request from the European Commission.

An ad hoc working group (AHWG) made up of subject matter experts from various industrial sectors and National Cybersecurity Certification Authorities (NCCAs) of EU member states provided support to ENISA in the design of the candidate scheme.

ENISA is appreciative of the efforts made by the Stakeholder Cybersecurity Certification Group (SCCG) as well as the advice and assistance provided by Member States through the European Cybersecurity Certification Group (ECCG).

It is anticipated that the EUCC sets the path for the upcoming schemes that are presently being developed, as it is the first cybersecurity certification system accepted by the EU. While the cybersecurity certification framework is optional, an implementing act is a component of the EU Law, or "acquis communautaire." National certification programs that were previously part of the SOG-IS agreement will eventually be replaced by EUCC.

"The adoption of the first cybersecurity certification scheme marks a milestone towards a trusted EU digital single market, and it is a piece of the puzzle of the EU cybersecurity certification framework that is currently in the making," stated Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity.

About EUCC

The new program is compliant with the EU cybersecurity certification system, as stipulated by the 2019 Cybersecurity Act. Raising the degree of cybersecurity for ICT goods, services, and procedures on the EU market was the aim of this framework. It accomplishes this by establishing a thorough set of guidelines, technical standards, specifications, norms, and protocols that must be followed throughout the Union.

The new voluntary EUCC program enables ICT vendors to demonstrate proof of assurance by putting them through a commonly recognized EU assessment procedure. This approach certifies ICT goods, including hardware, software, and technological components like chips and smartcards.

The program is built around the tried-and-true SOG-IS Common Criteria assessment framework, which is currently in use in 17 EU Member States. Based on the degree of risk connected to the intended use of the good, service, or process in terms of the likelihood and consequence of an accident, it suggests two levels of assurance.

The complete plan has been customized to meet the requirements of the EU Member States through thorough research and consultation. Hence, European enterprises can compete on a national, Union, and international scale thanks to the certification processes implemented throughout the Union.

What next?

In collaboration with the Ad-hoc working group, ENISA developed the candidate scheme, defining and agreeing upon the security requirements as well as generally recognized assessment techniques.

Following ECCG's opinion, ENISA forwarded the draft scheme to the European Commission. As a result, the European Commission issued an implementing act, which was later approved through the pertinent comitology procedure.

The enacted legislation anticipates a transitional period wherein firms will reap the advantages of current certifications obtained under national systems in a subset of Member States. Accreditation and notice are available to Conformity Assessment Bodies (CABs) who are interested in evaluating against the EUCC. After evaluating their solutions against any updated or new standards outlined in the EUCC, vendors will be able to convert their current SOG-IS certificates into EUCC ones.

Other certificates

Two further cybersecurity certification programs, EUCS for cloud services and EU5G for 5G security are presently being developed by ENISA. Additionally, the Agency is assisting the European Commission and Member States in developing a certification plan for the eIDAS/wallet and has conducted a feasibility assessment on EU cybersecurity certification standards for AI. A managed security services (MSSP) program is envisioned in a recent modification to the Cybersecurity Act proposed by the European Commission.

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI


Italy’s privacy watchdog has recently fined the northern city of Trento for failing to comply with data protection guidelines in how it used artificial intelligence (AI) for street surveillance projects.

Trento was the first local administration in Italy to be sanctioned by the GPDP watchdog for using data from AI tools. The city has been fined a sum of 50,000 euros (454,225). Trento has also been urged to take down the data gathered in the two European Union-sponsored projects. 

The privacy watchdog, known to be one of the most proactive bodies in the EU for evaluating AI platform compliance with the bloc's data protection regulations, temporarily outlawed ChatGPT, a well-known chatbot, in Italy. In 2021, the authority also reported that a facial recognition system tested under the Italian Interior Ministry did not meet the terms of privacy laws.

Concerns around personal data security and privacy rights have been brought up by the rapid advancements in AI across several businesses.

Following a thorough investigation of the Trento projects, the GPDP found “multiple violations of privacy regulations,” they noted in a statement, while also recognizing how the municipality acted in good faith.

Also, it mentioned that the data collected in the project needed to be sufficiently anonymous and that it was illicitly shared with third-party entities. 

“The decision by the regulator highlights how the current legislation is totally insufficient to regulate the use of AI to analyse large amounts of data and improve city security,” it said in a statement.

Moreover, during its presidency of the Group of Seven (G7) major democracies, the government of Italy, which is led by Prime Minister Giorgia Meloni, has promised to highlight the AI revolution.

Legislators and governments in the European Union reached a temporary agreement in December to regulate ChatGPT and other AI systems, bringing the technology one step closer to regulations. One major source of contention concerns the application of AI to biometric surveillance.  

OpenAI Moves to Minimize Regulatory Risk on Data Privacy in EU

 

While the majority of the world was celebrating the arrival of 2024, it was back to work for ChatGPT's parent company, OpenAI. 

After being investigated for violating people's privacy, the firm is believed to be rushing against the clock to do everything in its capacity to limit the regulatory risk in the EU. This is the primary reason why the company has returned to work on amending its terms and conditions. 

With a line of investigations in place to combat data protection issues concerning how chatbots process user data and how they produce data in general, including those coming from top watchdogs in the region, ChatGPT's powerful AI offering was accused of negatively impacting users' privacy. 

Things even got bad enough for Italy to temporarily halt the AI tool after determining that the company needed to modify some data and the degree of control granted to users generally. 

Now, OpenAI is sending out emails detailing how it has modified its ChatGPT service in the regions where the most concerns have arisen. They have made clear which entity, as stated in their privacy policy, is in charge of processing and regulating personal data.

The latest terms established the firm's Dublin subsidiary as the primary regulator for user data across the EEA region, including Switzerland. 

The company claimed that this would be effective as early as next month. If there is any disagreement on the matter, users are advised to delete their OpenAI accounts immediately. More discussion was conducted about how the GDPR's OSS would be implemented for firms processing EU data in order to better coordinate privacy oversights through a single supervisory body operating in the EU. 

Such a status makes it less likely that privacy watchdogs operating in other parts of the world will take action on these issues. They would have to go the path previously. The supervisor of the main firm can now receive complaints from them and address any issues.

If an immediate risk arises, GDPR regulators would maintain the authority to intervene through local means. This year, we saw the company establish an office in Ireland's capital and hire numerous professionals for senior legal and privacy positions. However, the majority of the company's open roles are still in the United States. 

However, due to Brexit, the company's users in the United Kingdom are excluded from the entire legal basis on which OpenAI's transfer to Ireland operates. Since its inception, the EU's GDPR has failed to function and apply to those in the United Kingdom. 

A lot is going on here, and it will be interesting to see how the change in OpenAI's terms affects the regulatory risk at its peak in the EU.

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target of multiple raids.

The joint effort, which included law enforcement agencies from various countries, highlights the growing need for global cooperation in combating cyber threats. The dismantled group had been a prominent player in the world of ransomware, utilizing sophisticated techniques to extort individuals and organizations.

The operation comes at a crucial time, with Ukraine already facing challenges due to ongoing geopolitical tensions. Europol's involvement underscores the commitment of the international community to address cyber threats regardless of the geopolitical landscape.

One of the key events leading to the takedown was a series of coordinated raids across Ukraine. These actions, supported by Europol, aimed at disrupting the ransomware gang's infrastructure and apprehending key individuals involved in the criminal activities. The raids not only targeted the group's operational base but also sought to gather crucial evidence for further investigations.

Europol, in a statement, emphasized the significance of international collaboration in combating cybercrime. "This successful operation demonstrates the power of coordinated efforts in tackling transnational threats. Cybercriminals operate globally, and law enforcement must respond with a united front," stated the Europol representative.

The dismantled ransomware gang was reportedly using the LockerGoga ransomware variant, known for its sophisticated encryption methods and targeted attacks on high-profile victims. The group's activities had raised concerns globally, making its takedown a priority for law enforcement agencies.

In the aftermath of the operation, cybersecurity experts are optimistic about the potential impact on reducing ransomware threats. However, they also stress the importance of continued vigilance and collaboration to stay ahead of evolving cyber threats.

As the international community celebrates this successful operation, it serves as a reminder of the ongoing battle against cybercrime. The events leading to the dismantlement of the Ukrainian-based ransomware gang underscore the necessity for countries to pool their resources and expertise to protect individuals, businesses, and critical infrastructure from the ever-evolving landscape of cyber threats.

Allegations of Spying in the EU Hit YouTube as it Targets Ad Blockers

 

YouTube's widespread use of ads, many of which are unavoidable, has raised concerns among some users. While some accept ads as a necessary part of the free video streaming experience, privacy advocate Alexander Hanff has taken issue with YouTube and its parent company, Google, over their ad practices. Hanff has filed a civil complaint with the Irish Data Protection Commission, alleging that YouTube's use of JavaScript code to detect and disable ad blockers violates data protection regulations.

Additionally, Hanff has filed a similar complaint against Meta, the company behind Instagram and Facebook, claiming that Meta's collection of personal data without explicit consent is illegal. Meta is accused of using surveillance technology to track user behavior and tailoring ads based on this information, a practice that Hanff believes violates Irish law.

These complaints come amid a growing focus on data privacy and security in the EU, which has implemented stricter regulations for Big Tech companies. In response, Google has expanded its Ads Transparency Center to provide more details on how advertisers target consumers and how ads are displayed. 

The company has also established a separate Transparency Center to showcase its safety policy development and enforcement processes. Google has committed to continued collaboration with the European Commission to ensure compliance with regulations.

Hanff's complaints could be the first of many against Google, Meta, and other tech giants, as legislators and the public alike express increasing concerns over market competition and data privacy. 

If additional regulations are implemented, these companies will have to adapt their practices accordingly. The potential impact on their profits remains to be seen, but compliance could ultimately prove less costly than facing financial penalties.

Russian Exiled Journalist Says EU Should Ban Spyware


The editor-in-chief of the independent Russian news site Meduza has urged the European Union to enact a comprehensive ban on spyware, given that spyware has been frequently used to violate human rights.

According to Ivan Kolpakov, Meduza’s editor-in-chief based in Latvia, it was obvious that Europeans should be very concerned about Pegasus in light of the discoveries regarding the hacking of his colleague Galina Timchenko by an as-yet-unconfirmed EU country.

“If they can use it against an exiled journalist there are no guarantees they cannot use it against local journalists as well[…]Unfortunately, there are a lot of fans in Europe, and we are not only talking about Poland and Hungary, but Western European countries as well,” said Kolpakov.

Since last month, the European Commission has been working on guidelines for how governments could employ surveillance technologies like spyware in compliance with EU data privacy and national security rules. Although member states are responsible for their own national security, the Commission is considering adopting a position after learning that 14 EU governments had purchased the Pegasus technology from NSO Group.

Apparently, Timchenko was targeted by Pegasus in February 2023 when she was in Berlin for a private gathering of Russian media workers in exile. The meeting's subject was the threats posed by the Russian government's categorization of independent Russian media outlets as foreign agents.

Given the nature of Timchenko's work, Russia was first suspected. However, according to the digital rights organization Access Now, additional information suggests that an intelligence service of an EU member state (which one is not yet known) is more likely to blame.

Allegedly, the motive behind the hack could be that numerous Baltic nations, to whom Russia has consistently posed a threat, are worried that a few FSB or GRU agents may have infiltrated their borders among expatriate dissidents and journalists.

“It may happen and probably it actually happens, but in my opinion, it does not justify the usage of that kind of brutal tool as Pegasus against a prominent independent journalist,” Kolpakov said.

Kolpakov believes that the revelations have left the exiled community feeling they are not safe in Europe. “This spyware has to be banned here in Europe. It really violates human rights,” he added.     

EU Makes Progress in Regulating User Data, Limiting Big Tech Control

 

The European Parliament and the Council of the EU have reached a provisional agreement on a new Data Act, aiming to regulate the usage and accessibility of consumer and corporate data within the European Union. EU industry chief Thierry Breton expressed his support for the agreement, describing it as a significant milestone in reshaping the digital landscape and fostering an innovative and open EU data economy.

The primary objective of the legislation, as outlined by the European Commission in a press release, is to grant EU end users greater control over the data generated through the use of connected devices. This includes the right to access data generated by smart objects, machines, and devices and the option to share it with external parties if desired.

The preliminary agreement encompasses several key provisions. It allows for increased data portability between different cloud providers, promotes the development of interoperability standards, and grants public sector entities the authority to access and utilize data in emergency situations. Additionally, safeguards have been incorporated to prevent unauthorized data transfers.

Concerns have been raised regarding the potential disclosure of trade secrets due to the Data Act's provisions on data sharing. Consequently, the legislation has been amended to enable companies to reject data sharing requests if they anticipate significant and irreparable economic losses as a result.

Regarded as a vital component of the EU's digital transformation, the Data Act is one of five legislative pieces designed to revamp the bloc's digital regulations. These include the Digital Markets Act, Digital Services Act, Artificial Intelligence Act, and the related Data Governance Act, collectively aiming to modernize EU digital policies.

Following the recent provisional agreement, the Data Act will undergo formal approval from both the Council and the European Parliament before becoming law. Companies will be required to comply with the legislation approximately 20 months after its approval, suggesting that it will take a couple of years for the measures outlined in the Data Act to take effect.

EU Now Wants Smartphones to Feature Replaceable Batteries

 

In a noteworthy development, the European Union (EU) is making strides to reintroduce a long-lost and highly sought-after element that has gradually vanished from the smartphone market. An upcoming regulation is currently being advocated, aiming to reinstate user-replaceable batteries as a prominent feature. This proposed rule seeks to empower consumers by enabling them to easily replace the batteries in their smartphones. 

In a significant development, the European Parliament has given its seal of approval to a novel regulation focused on the manufacturing, design, and recycling aspects of rechargeable batteries within the region. This progressive rule extends its scope beyond electric vehicles, encompassing portable batteries for mobile devices such as smartphones, tablets, and other similar gadgets. 

Under this new legislation, manufacturers will be obligated to implement design modifications that facilitate user-initiated battery removal and replacement. This aligns seamlessly with earlier reports highlighting the resurgence of removable batteries in the market. 

Over time, removable batteries in electronic devices have gradually been replaced by sealed battery packs. The prevailing sealed battery designs, however, suffer from a significant drawback: if the battery malfunctions or fails, the entire device becomes useless and is frequently discarded.

Although individuals with technical expertise can attempt intricate procedures to replace dead batteries in modern smartphones and devices, such endeavors pose risks to the inexperienced and may result in device damage or destruction. Moreover, a crucial question arises: without the ability to remove the battery, how does one effectively recycle it? 

Interestingly, this development follows the European Union's recent efforts to standardize USB Type C, which have compelled Apple to comply in future iPhone and other product releases. This standardization initiative aims to facilitate the recovery and recycling of old batteries while reducing overall waste.

Although this new rule is scheduled to take effect by early 2027, there is a possibility of postponement by the EU, considering the potential challenges manufacturers may face in implementing such significant redesigns. It is worth noting that sealed smartphones offer enhanced protection against environmental elements and are also viewed as a cost-cutting measure by companies. The response from different original equipment manufacturers (OEMs) to this decision remains uncertain, so stay tuned for further updates.

Using AI for Loans and Mortgages is Big Risk, Warns EU Boss

 

The mortgage lending sector is experiencing a significant revolution driven by advanced technologies like artificial intelligence (AI) and machine learning. These cutting-edge technologies hold immense potential to revolutionize the lending process. 
However, alongside the benefits, there are also valid concerns surrounding the potential implications for human employment and the need to mitigate bias and discrimination in AI-driven decision-making. 

In an interview with the BBC, Margrethe Vestager, who is the European Commission's executive vice president, emphasized the importance of implementing "guardrails" to address the significant risks associated with technology, particularly in the context of artificial intelligence (AI). 

She highlighted the need for such precautions, especially when AI is involved in decision-making processes that directly impact individuals' livelihoods, such as determining their eligibility for a mortgage. 

How is AI Benefiting the Mortgage Lending Industry?

1. Better customer experience: AI enables personalized customer experiences, allowing mortgage advisors to understand customer needs better and enhance their overall experience. 

2. Automation of routine tasks: AI automates repetitive tasks like data entry and document processing, freeing up time for mortgage advisors to focus on more strategic activities. 

3. Predictive analytics: AI analyzes data from multiple sources to provide insights into market trends and customer behavior, empowering mortgage advisors to make informed decisions and anticipate market changes. 

4. Boost risk assessment: AI algorithms analyze vast amounts of data, helping mortgage companies make better risk assessments and underwriting decisions, reducing loan defaults, and improving efficiency. 

5. Process optimization: AI identifies areas for process improvement by analyzing past transactions, enabling mortgage companies to streamline processes, reduce costs, and increase efficiency. 

6. Fraud identification: AI uses machine learning to detect potential fraud in mortgage applications, safeguarding both mortgage advisors and customers and ensuring the integrity of the lending process. 

7. Document management: AI automates document management, simplifying storage, retrieval, and management of customer information and loan documents, minimizing errors, and improving efficiency. 

8. Overcoming sales obstacles: AI tools like ChatGPT can assist in generating content ideas, helping mortgage professionals overcome content blocks, and leveraging video and social media for effective sales strategies. 

What are the Risks of AI According to Margrethe Vestager?

Recently, Margrethe Vestager said that implementing "guardrails" is crucial to mitigate the significant risks associated with technology. Specifically, she emphasized the importance of having these measures in place when AI is employed to make decisions that directly impact individuals' livelihoods, such as determining their eligibility for a mortgage.

Although the risk of extinction due to artificial intelligence (AI) is minimal, there are other pressing concerns to address. Discrimination is a prominent issue, where individuals might not receive fair treatment based on their true identities. 

Margrethe Vestager emphasized the need to prevent bias related to gender, race, or location when AI systems are employed by banks for mortgage assessments or by social services in local communities. It is essential to prioritize fairness and equal treatment to ensure everyone is respected and valued.

EU Privacy Watchdog Forms ChatGPT Task Force

The European Union’s privacy watchdog, known as the European Data Protection Supervisor (EDPS), has recently announced the formation of a task force to examine the potential privacy and data protection issues related to the ChatGPT language model. ChatGPT is a powerful artificial intelligence (AI) system that is designed to understand natural language and generate human-like responses to queries.

The EDPS has expressed concerns that ChatGPT could potentially pose significant privacy risks if it is not properly regulated and monitored. In particular, they have highlighted the potential for ChatGPT to be used for phishing scams, identity theft, and other forms of cybercrime.

One of the key vulnerabilities of ChatGPT is its ability to learn from the data it is given. This means that if it is fed with biased or malicious data, it could learn to replicate that behavior in its responses. This could potentially lead to harmful or discriminatory behavior towards certain groups of people.

Furthermore, ChatGPT is designed to generate responses based on a given context. This means that if it is given access to sensitive information, it could potentially reveal that information to unauthorized parties. This could lead to serious privacy breaches and data leaks.

To address these concerns, the EDPS has formed a task force that will work to develop guidelines and regulations for the use of ChatGPT. This task force will bring together experts from a range of fields, including AI research, privacy law, and cybersecurity.

The task force will be tasked with developing a set of best practices and guidelines for the use of ChatGPT. This will include recommendations on how to mitigate potential privacy risks, such as using robust encryption and access controls to protect sensitive data.

Overall, the formation of the ChatGPT task force is an important step towards ensuring that the use of AI systems like ChatGPT is properly regulated and monitored. By addressing potential vulnerabilities and developing best practices for their use, the EU can help to mitigate the risks associated with these powerful technologies and ensure that they are used in a responsible and ethical manner.

The West Accuses TikTok of Espionage & Data Mining

 

TikTok is one of the few social media corporate giants that was not created by a Silicon Valley business. The parent business, ByteDance, which launched the internet service in China in 2016, has offices spread across the globe, including Paris. Nonetheless, Beijing remains the location of the parent company's main office. These claims, which include, among other things, some actions that are not within the purview of this social network, are fleshed out by a number of causes for concern.

TikTok will no longer be available to employees and elected officials of the European Parliament and the European Commission starting in mid-March. The United States' main worry is that the Chinese government might be able to access their citizens' data and snoop on them.

Many publications from disinformation-focused research organizations or businesses highlight how simple it is for people to come across incorrect or misleading information concerning elections or pandemics. Research from the Center for Combating Online Hate in the United States in December 2022 showed how the social network's algorithm suggested hazardous content to its teenage members, including videos about self-harm and eating disorders.

Yet, the fact that ByteDance has released two different versions of its application—Douyin, which is only available in the Chinese market, and TikTok for the rest of the world—reinforces misconceptions and wild speculation about the latter.

It occurs while China and the West are engaged in a larger technology-related arms race that includes everything from surveillance balloons to computer chips. TikTok seeks a lot of user permissions, according to the Exodus Privacy organization, which examines Android apps. As a result, the program gets access to the device's microphone, contacts, camera, storage, and even geolocation information.

TikTok first needs broad access to its users' devices in order to function, display targeted adverts, or show pertinent videos. On the website of the ToSDR association, which simplifies and evaluates the general conditions of use of numerous applications and services, TikTok obtains an E score, the worst score in the list.

The federal government will reportedly also prevent the app from being downloaded on authorized devices going forward, according to Mona Fortier, president of the Canadian Treasury Board. It is justified that the approach of European institutions is one of caution in the face of difficult international relations with Beijing.








Amazon Could be Responsible for Fake Louboutin Shoe Advertisements


Online retailer Amazon may be deemed accountable for breaching luxury footwear brand Christian Louboutin’s EU trademark rights. 

According to the European Court of Justice's preliminary ruling in the case, third-party dealers were found to be advertising counterfeit red-soled stilettos on Amazon, without Louboutin's permission. 

The case came to light when the French designer filed lawsuits against Amazon in Belgium and Luxembourg, claiming that he did not authorize these products to be put on the market. 

Louboutin’s signature red-soled stilettos are apparently registered as both an EU and a Benelux trademark.

The top court of the EU stated that customers could be misled into believing that Amazon is selling shoes on behalf of Louboutin when, for example, Amazon places its logo on the ads of third-party sellers and stores and ships the products. 

“These circumstances may indeed make a clear distinction difficult, and give the impression to the normally informed and reasonably attentive user that it is Amazon that markets — in its own name and on its own behalf,” the court stated. The luxury brand says that the court’s decision is “a victory for the protection of its know-how and creativity.” 

“It initiated these proceedings to obtain recognition of Amazon’s responsibility for the offering for sale of counterfeit products on its platforms by third parties. It also brought this case to encourage Amazon to play a more direct role in the fight against counterfeiting on its platforms,” Maison Louboutin said in a statement. 

The EU court came to the conclusion that it is now up to the local governments in Belgium and Luxembourg to decide whether consumers of the online marketplace have believed that Amazon itself was running the advertising rather than third-party vendors.  

DDoS-for-Hire Websites are Seized by Authorities

 

According to Europol, international police deactivated roughly 50 well-known websites that charged users to perform distributed denial-of-service attacks and detained seven people who were allegedly the sites' administrators.

Operation Power Off was a coordinated effort by law enforcement agencies in the US, the UK, the Netherlands, Poland, and Germany to combat attacks that have the potential to shut down the internet.

According to the police, the defendants misrepresented their websites as being services that could be employed for network testing while actually charging users for DDoS assaults against universities, government organizations, gaming platforms, and millions of people both domestically and overseas. Websites are rendered unavailable by DDoS attacks, which function by flooding them with unwanted traffic.

"These DDoS-for-hire websites, with paying customers both inside and outside the US, enabled network outages on a massive scale, targeting millions of victim computers around the world," said Antony Jung, special agent in charge of the operation at the FBI's field office in Anchorage, Alaska. Before purchasing or offering these illicit services, prospective users and administrators should exercise caution.

The largest DDoS-for-hire services are available on these sites, according to the UK's National Crime Agency (NCA), one of which has been used to launch more than 30 million attacks in its existence. Additionally, it has taken possession of customer data and, pending examination, may soon take legal action against UK site visitors.

DDoS Attack Is Illegal

DDoS poses the risk of lowering the barrier to entry for cybercrime. As per Europol, anyone with no technical expertise can start DDoS attacks with the press of a button for as little as $10, taking down entire networks and websites.

The harm they can cause to victims can be severe, financially crushing businesses and stripping people of necessary services provided by banks, governmental agencies, and law enforcement. Many young IT enthusiasts participate in this allegedly low-level crime feeling motivated by their imagined anonymity, unaware of the potential repercussions of such online activity.

The police take DDoS attacks seriously. Irrespective of their size, all users are monitored by law enforcement authorities, whether they are high-level hackers launching DDoS assaults against for-profit targets or casual users kicking their rivals out of video games.


Meta Penalized 276 Million by Ireland Under EU Laws

The Irish Data Protection Commission has fined Meta $276 million over the company's handling of sensitive user data.

The fine, issued by Meta's primary privacy watchdog in the European Union, is the most recent example of how regional authorities are growing more active in their enforcement of the bloc's privacy regulations against major internet corporations.

Insiders discovered the exposed data, which contained the full names, contact information, addresses, and dates of birth of users on the platform between 2018 and 2019. At the time, Meta said that the information was taken by a malicious party using a flaw that the firm addressed in 2019 and that it was the same information used in a prior leak that Motherboard had discovered in January 2021.

The DPC has fined Meta three times already this year. In connection with a slew of 2018 data breaches that compromised the personal information of as many as 30 million Facebook users, the DPC penalized Meta $18.6 million USD in March for poor record-keeping.

In a privacy issue, Meta and its affiliates, including WhatsApp and Instagram, have now been punished by Ireland three times in the last 15 months, reaching more than $900 million in monetary penalties. The other concerns include WhatsApp's transparency on how it manages user data and Instagram's management of children's data. Meta is contesting those judgments.

A representative for Meta stated that the business will reconsider the choice. The Meta representative remarked, "Unauthorized data scraping is unacceptable and against our standards."

According to Ireland's privacy regulator, there are dozens more complaints involving numerous major tech corporations that are still pending. According to the corporations and EU officials, tech companies are currently in discussions with the European Commission, the EU's executive body, to identify which parts of each new law will apply to the particular services they provide. Beginning in the middle of next year, certain parts of the new laws will be put into effect.


Twitter's Brussels Staff Sacked by Musk 

After a conflict on how the social network's content should be regulated in the Union, Elon Musk shut down Twitter's entire Brussels headquarters.

Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center. 

Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states. For instance, tweets influencing elections or content advocating hate speech would need to be removed in jurisdictions where such communication is prohibited. 

Another obligation is that social media sites like Twitter must demonstrate to the European Commission, the executive arm of the EU, that they are making a sufficient effort to stop the spread of content that is not illegal but may be damaging. Disinformation falls under this category. This summer, businesses will need to demonstrate how they are handling such positions. 

Musk will need to abide by the GDPR, a set of ground-breaking EU data protection laws that mandate Twitter have a data protection officer in the EU. 

The present proposal forbids the use of algorithms that have been demonstrated to be biased against individuals, which may have an influence on Twitter's face-cropping tools, which have been shown to favor youthful, slim women.

Twitter might also be obligated to monitor private conversations for grooming or images of child sexual abuse under the EU's Child Sexual Abuse Materials proposal. In the EU, there is still discussion about them.

In order to comply with the DSA, Twitter will need to put in a lot more effort, such as creating a system that allows users to flag illegal content with ease and hiring enough moderators to examine the content in every EU member state.

Twitter won't have to publish a risk analysis until next summer, but it will have to disclose its user count in February, which initiates the commission oversight process.

Two lawsuits that might hold social media corporations accountable for their algorithms that encourage dangerous or unlawful information are scheduled for hearings before the US Supreme Court. This might fundamentally alter how US businesses regulate content. 

FancyBear: Hackers Use PowerPoint Files to Deliver Malware

 

Cluster25 researchers have recently detected activity by a threat group, APT28, also known as FancyBear, and attributed it to the Russian GRU (Main Intelligence Directorate of the Russian General Staff). The group has used a new code execution technique that relies on mouse movement in Microsoft PowerPoint to deliver Graphite malware.
 
According to the researchers, the threat campaign has been actively targeting organizations and individuals in the defense and government organizations of the European Union and East European countries. The cyber espionage campaign is believed to be still active.
 

Methodology of Threat Actor

 
The threat actor allegedly entices victims with a PowerPoint file claiming to be associated with the Organisation for Economic Co-operation and Development (OECD).

This file includes two slides, with instructions in English and French on how to access the translation feature in Zoom. Additionally, it incorporates a hyperlink that acts as a trigger for delivering a malicious PowerShell script, which downloads a JPEG image carrying an encrypted DLL file.

The resulting payload, Graphite malware, is in Portable Executable (PE) form, which allows the malware operator to load other malware into the system memory.
 
“The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive. The latter downloads a payload that extracts and injects in itself a new PE (Portable Executable) file, that the analysis showed to be a variant of a malware family known as Graphite, that uses the Microsoft Graph API and OneDrive for C&C communications,” states Cluster25 in its published analysis.
 
Graphite is a fileless malware that is deployed in-memory only and is used by malware operators to deliver post-exploitation frameworks like Empire. Its purpose is to allow the attacker to deploy other malware into the system memory.
 
 
Based on the discovered metadata, according to Cluster25, the hackers have been preparing for the cyber campaign between January and February. However, the URLs used in the attacks were active in August and September.
 
With more hacker groups attempting to carry out such malicious cyber campaigns, the government and private sectors must deploy more powerful solutions to prevent future breaches and cyber attacks to safeguard their organizations.
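As an added example (not code from Cluster25's analysis or from this post), the following Python shows one way a defender could triage PowerPoint attachments for the hover-triggered hyperlink technique described above: it inspects each slide of an OOXML (.pptx/.ppsx) package for hyperlink elements whose action launches a program. The sample package, its placeholder target, the function names and the severity labels are constructed assumptions.

```python
"""Flag PowerPoint hyperlink actions that launch a program, especially on mouse-over."""
import io
import posixpath
import re
import xml.etree.ElementTree as ET  # for untrusted files in production, prefer defusedxml
import zipfile

A = "http://schemas.openxmlformats.org/drawingml/2006/main"
P = "http://schemas.openxmlformats.org/presentationml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
SLIDE_RE = re.compile(r"^ppt/slides/slide\d+\.xml$")
# Shapes use a:hlinkHover, text runs use a:hlinkMouseOver; both fire without a click.
LINK_TAGS = (("hlinkMouseOver", "hover"), ("hlinkHover", "hover"), ("hlinkClick", "click"))


def load_rels(pkg, slide_part):
    """Map relationship Id -> (Target, TargetMode) for one slide part."""
    folder, name = posixpath.split(slide_part)
    rels_part = f"{folder}/_rels/{name}.rels"
    if rels_part not in pkg.namelist():
        return {}
    root = ET.fromstring(pkg.read(rels_part))
    return {rel.get("Id"): (rel.get("Target", ""), rel.get("TargetMode", "Internal"))
            for rel in root.iter(f"{{{PKG_REL}}}Relationship")}


def find_risky_actions(pptx_bytes):
    """Return one finding per hyperlink action that deserves an analyst's attention."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as pkg:
        for part in sorted(n for n in pkg.namelist() if SLIDE_RE.match(n)):
            rels = load_rels(pkg, part)
            root = ET.fromstring(pkg.read(part))
            for tag, trigger in LINK_TAGS:
                for el in root.iter(f"{{{A}}}{tag}"):
                    action = el.get("action", "").lower()
                    target, mode = rels.get(el.get(f"{{{R}}}id"), ("", "Internal"))
                    if action.startswith("ppaction://program"):
                        # A program launch needs no click when bound to hover.
                        severity = "high" if trigger == "hover" else "medium"
                    elif trigger == "hover" and mode == "External":
                        severity = "review"  # hover that leaves the deck is unusual
                    else:
                        continue  # ordinary click links and in-deck navigation
                    findings.append({"slide": part, "trigger": trigger, "action": action,
                                     "target": target, "severity": severity})
    return findings


def build_constructed_sample():
    """Constructed minimal package: slides and rels only, not a deck PowerPoint would open."""
    def slide(links):
        return (f'<p:sld xmlns:p="{P}" xmlns:a="{A}" xmlns:r="{R}"><p:cSld><p:spTree>'
                f'<p:sp><p:nvSpPr><p:cNvPr id="2" name="Shape">{links}</p:cNvPr>'
                f'</p:nvSpPr></p:sp></p:spTree></p:cSld></p:sld>')

    def rels(entries):
        body = "".join(f'<Relationship Id="{rid}" Type="{R}/hyperlink" Target="{tgt}" '
                       f'TargetMode="External"/>' for rid, tgt in entries)
        return f'<Relationships xmlns="{PKG_REL}">{body}</Relationships>'

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Slide 1: hover action bound to a program launch (placeholder target).
        z.writestr("ppt/slides/slide1.xml",
                   slide('<a:hlinkHover r:id="rId2" action="ppaction://program"/>'))
        z.writestr("ppt/slides/_rels/slide1.xml.rels",
                   rels([("rId2", "file:///C:/constructed/placeholder.exe")]))
        # Slide 2: a normal web link and an in-deck "next slide" hover, both benign.
        z.writestr("ppt/slides/slide2.xml",
                   slide('<a:hlinkClick r:id="rId1"/><a:hlinkHover r:id="" '
                         'action="ppaction://hlinkshowjump?jump=nextslide"/>'))
        z.writestr("ppt/slides/_rels/slide2.xml.rels",
                   rels([("rId1", "https://example.com/agenda")]))
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_risky_actions(build_constructed_sample()):
        print(f"[{hit['severity']}] {hit['slide']}: {hit['trigger']} -> "
              f"{hit['action']} ({hit['target']})")
```

A "high" finding is a reason to quarantine the attachment and review it by hand; legacy binary .ppt files are not covered by this check.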